How to Utilize Stinger

By Ole Jørgen Sve

McAfee Stinger is a standalone utility used to detect and remove certain viruses. Stinger uses next-generation scan technology, such as rootkit scanning, and scan performance optimizations.

McAfee Stinger now finds and removes GameOver Zeus and CryptoLocker.

How do you utilize Stinger?
  • When prompted, choose to save the file to a convenient location on your hard disk drive, such as the Desktop folder.
  • When the download is complete, browse to the folder that contains the downloaded Stinger file, and run it.
  • By default, Stinger scans running processes, loaded modules, the registry, WMI and directory locations known to be used by malware on a machine, to keep scan times minimal. If necessary, click the “Customize my scan” link to add additional drives/directories to the scan.
  • Stinger has the ability to scan targets of rootkits, which is not enabled by default.
  • Click the Scan button to begin scanning the specified drives/directories.
  • Stinger leverages GTI File Reputation and runs community heuristics at Moderate level by default. If you select “High” or “Very High,” McAfee Labs recommends that you set the “On threat detection” action to “Report” only for the first scan.

    Q: I know I have a virus, but Stinger did not detect one. Why is this?
    A: Stinger is not a replacement for a full anti-virus scanner. It is only designed to detect and remove specific threats.

    Q: Stinger found a virus that it couldn’t repair. Why is this?
    A: This is most likely due to Windows System Restore functionality having a lock on the infected file. Windows/XP/Vista/7 users must disable System Restore prior to scanning.

    Q: Where is the scan log stored and how do I view it?
    A: Within Stinger, go to the Log tab, where the logs are displayed as a list with time stamps. Clicking a log file name opens the file in HTML format.

    Q: Where are the quarantine files stored?
    A: The quarantine files are stored under C:\Quarantine\Stinger.

    Q: What is the “Threat List” option under the Advanced menu used for?
    A: The Threat List provides a list of malware that Stinger has been configured to detect. This list does not contain the results of running a scan.

    Q: Are there any command-line parameters available when running Stinger?
    A: Yes, the command-line parameters are displayed by going to the help menu within Stinger.

    Q: I ran Stinger and now have a Stinger.opt file. What is that?
    A: When Stinger runs, it creates the Stinger.opt file, which saves the current Stinger configuration. When you run Stinger again, your previous configuration is used as long as the Stinger.opt file is in the same directory as Stinger.

    Is this expected behaviour?
    A: When the rootkit scanning option is selected within Stinger preferences, the VSCore files (mfehidk.sys & mferkdet.sys) on a McAfee endpoint will be updated to 15.x. These files are installed only if they are newer than what is on the machine, and they are needed to scan for the current generation of newer rootkits. If the rootkit scanning option is disabled within Stinger, the VSCore update will not occur.

    Q: Does Stinger perform rootkit scanning when deployed via ePO?
    A: We’ve disabled rootkit scanning in the Stinger-ePO package to limit the automatic update of VSCore components when an admin deploys Stinger to thousands of machines. To enable rootkit scanning in ePO mode, please use the following parameters while checking in the Stinger package in ePO:

    --reportpath=%temp% --rootkit

    Q: What versions of Windows are supported by Stinger?
    Furthermore, Stinger requires the machine to have Internet Explorer 8 or above.

    Q: What are the prerequisites for Stinger to run in a Win PE environment?
    A: While creating a custom Windows PE image, add support for HTML Application components using the instructions provided in this walkthrough.

    Q: How do I get support for Stinger?
    A: Stinger is not a supported application. McAfee Labs makes no guarantees about this product.

    Q: How can I add custom detections to Stinger?
    A: Stinger has an option where a user can input up to 1000 MD5 hashes as a custom blacklist. During a system scan, if any files match the custom blacklisted hashes, the files will be detected and deleted. This feature is provided to help power users who have isolated malware sample(s) for which no detection is available yet in the DAT files or GTI File Reputation. To leverage this feature:

    1. From the Stinger interface, go to the Advanced --> Blacklist tab.
    2. Input the MD5 hashes to be detected either through the Input Signal Hash button, or click the Load hash List button to point to a text file containing the MD5 hashes to be included in the scan. SHA1, SHA 256 or other hash types are unsupported.
    3. During a scan, files that match a hash will have a detection name of Stinger! . Full dat repair is applied to the detected file.
    4. Files that are digitally signed with a valid certificate, or whose hashes are already marked as clean in GTI File Reputation, will not be detected as part of the custom blacklist. This is a safety feature to prevent users from accidentally deleting files.
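
One way to prepare the text file for the Load hash List button, as an added example that is not McAfee's code: it hashes an isolated sample and filters a candidate list down to at most 1000 unique MD5 values, rejecting SHA1 and SHA-256 entries. The one-hash-per-line layout, the `#` note convention and all function names are assumptions.

```python
import hashlib
import re

MAX_HASHES = 1000  # limit stated in the FAQ answer above
HEX_RE = re.compile(r"[0-9a-fA-F]+")
KINDS = {32: "MD5", 40: "SHA1", 64: "SHA256"}  # hex digest length -> type


def md5_of_file(path, chunk_size=1 << 20):
    """MD5 of an isolated sample, read in chunks so large files are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_hash_list(lines, limit=MAX_HASHES):
    """Split raw lines into (accepted MD5s, [(line_no, text, reason), ...])."""
    accepted, rejected, seen = [], [], set()
    for number, raw in enumerate(lines, start=1):
        text = raw.strip()
        if not text or text.startswith("#"):  # assumed convention: notes are dropped
            continue
        kind = KINDS.get(len(text)) if HEX_RE.fullmatch(text) else None
        if kind != "MD5":
            reason = f"{kind} is not accepted, MD5 only" if kind else "not a recognised hex digest"
            rejected.append((number, text, reason))
        elif text.lower() in seen:
            rejected.append((number, text, "duplicate"))
        elif len(accepted) >= limit:
            rejected.append((number, text, f"over the {limit}-hash limit"))
        else:
            seen.add(text.lower())
            accepted.append(text.lower())
    return accepted, rejected


# Constructed sample input: digests of the empty string plus filler values.
SAMPLE = [
    "# constructed list for illustration",
    "d41d8cd98f00b204e9800998ecf8427e",
    "D41D8CD98F00B204E9800998ECF8427E",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "0123456789abcdef0123456789abcdef",
    "not-a-hash",
]

if __name__ == "__main__":
    good, bad = build_hash_list(SAMPLE)
    print("\n".join(good))  # these lines form the text file to load
    for number, text, reason in bad:
        print(f"line {number}: {text!r} rejected ({reason})")
```

Reviewing the rejected entries before loading the list shows which indicators will not be covered by the scan, for example those only available as SHA-256.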

    Q: How do I run Stinger without the Real Protect component getting installed?
    A: The Stinger-ePO package does not run Real Protect. To run Stinger without Real Protect getting installed, execute Stinger.exe --ePO